With December upon us and 2014 almost in the books, it’s a perfect time to take a look back at the year that was, from a phishing standpoint of course. If you’ve been following this blog, you know that we are constantly analyzing phishing emails received and reported to us by PhishMe employees. What was the most interesting phishing trend we observed in 2014? While attackers are loading up their phishing emails with new malware all the time, the majority of their phishing emails use stale, recycled content.

On Monday, I wrote about attackers using phishing attacks to deliver malware via links to Dropbox. Today, we received another wave of these emails with slightly different subject lines. Figures 1, 2, and 3 show the variants that were received by us in the latest campaign, and reported by our internal users. In this campaign, 10 of our users were targeted.

Your computer is infected! Pay $50 USD in order to remove the malware.

The FBI has been tracking you for visiting inappropriate sites. Please pay $250 to avoid higher court costs and appearances.

Ransomware is nothing new, and typically comes in many shapes and sizes. For years, users have been visiting websites, only to be redirected to a ransomware site and scared into paying fees that amounted to nothing more than lost money. With the advent of CryptoLocker, however, attackers have felt a need to “give” back to their victims. Once they infect a system and encrypt the data, they will offer to decrypt this data for a small fee. How kind of them…

In recent months, attackers have started to change the game by delivering these samples via phishing, and using new malware that imitates Cryptolocker. I recently came across a phish carrying ransomware similar to Cryptolocker, but with some noteworthy differences.